105 lines
3.9 KiB
YAML
105 lines
3.9 KiB
YAML
name: CI/CD Pipeline for mengning.com.cn
|
||
on:
|
||
push:
|
||
branches:
|
||
- main
|
||
pull_request:
|
||
branches:
|
||
- main
|
||
|
||
jobs:
|
||
build:
|
||
runs-on: ubuntu-latest
|
||
container:
|
||
image: gitea/runner-images:ubuntu-latest
|
||
steps:
|
||
- name: 拉取代码
|
||
uses: https://devstar.cn/actions/checkout@v4
|
||
with:
|
||
fetch-depth: 0
|
||
|
||
- name: 安装依赖
|
||
working-directory: .
|
||
run: |
|
||
set -eux
|
||
npm install
|
||
npm add -D vitepress
|
||
|
||
- name: 构建项目
|
||
working-directory: .
|
||
run: |
|
||
set -eux
|
||
chmod +x node_modules/.bin/vitepress
|
||
npm run build
|
||
|
||
- name: 构建 Docker 镜像
|
||
run: |
|
||
set -eux
|
||
docker build -t devstar-docs:${{ gitea.sha }} .
|
||
|
||
- name: 登录 Docker Registry
|
||
run: |
|
||
set -eux
|
||
echo "${{ secrets.DOCKER_REGISTRY_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_REGISTRY_USERNAME }} ${{ vars.DOCKER_REGISTRY_ADDRESS }} --password-stdin
|
||
|
||
- name: 打 tag 并推送镜像
|
||
run: |
|
||
set -eux
|
||
docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }}
|
||
docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest
|
||
|
||
echo "开始推送 SHA tag 镜像..."
|
||
if docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }}; then
|
||
echo "✅ SHA tag 推送成功"
|
||
else
|
||
echo "❌ SHA tag 推送失败"
|
||
exit 1
|
||
fi
|
||
|
||
echo "开始推送 latest tag 镜像..."
|
||
if docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest; then
|
||
echo "✅ latest tag 推送成功"
|
||
else
|
||
echo "❌ latest tag 推送失败"
|
||
exit 1
|
||
fi
|
||
|
||
# 可选:验证 Registry 上是否存在 latest
|
||
if docker manifest inspect ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest >/dev/null 2>&1; then
|
||
echo "✅ latest tag 确认存在于 Registry"
|
||
else
|
||
echo "❌ latest tag 在 Registry 上不存在"
|
||
exit 1
|
||
fi
|
||
|
||
- name: 📝 更新 mengning.com.cn(通过删除/创建 Application CRD)
|
||
env:
|
||
DOCKER_REGISTRY_ADDRESS: ${{ vars.DOCKER_REGISTRY_ADDRESS }}
|
||
DOCKER_REPOSITORY_ARTIFACT: ${{ vars.DOCKER_REPOSITORY_ARTIFACT }}
|
||
TLS_CERTIFICATE: ${{ secrets.TLS_CERTIFICATE }}
|
||
TLS_PRIVATE_KEY: ${{ secrets.TLS_PRIVATE_KEY }}
|
||
run: |
|
||
set -eux
|
||
curl -LO https://mirrors.ustc.edu.cn/kubernetes/core%3A/stable%3A/v1.28/deb/amd64/kubectl_1.28.0-1.1_amd64.deb
|
||
sudo dpkg -i kubectl_1.28.0-1.1_amd64.deb
|
||
|
||
kubectl config set-cluster remote-cluster --server=${{ secrets.K8S_URL }} --insecure-skip-tls-verify=true
|
||
kubectl config set-credentials token-user --token=${{ secrets.K8S_TOKEN }}
|
||
kubectl config set-context remote-context --cluster=remote-cluster --user=token-user
|
||
kubectl config use-context remote-context
|
||
|
||
echo "$TLS_CERTIFICATE" > /tmp/tls.crt
|
||
echo "$TLS_PRIVATE_KEY" > /tmp/tls.key
|
||
kubectl create secret tls mengningsoftware-tls \
|
||
--cert=/tmp/tls.crt \
|
||
--key=/tmp/tls.key \
|
||
-n istio-system \
|
||
--dry-run=client -o yaml | kubectl apply -f -
|
||
rm -f /tmp/tls.crt /tmp/tls.key
|
||
|
||
sed "s|\${DOCKER_REGISTRY_ADDRESS}|${DOCKER_REGISTRY_ADDRESS}|g; s|\${DOCKER_REPOSITORY_ARTIFACT}|${DOCKER_REPOSITORY_ARTIFACT}|g" \
|
||
.gitea/workflows/application.yaml > /tmp/application-crd.yaml
|
||
|
||
kubectl delete application mengningsoftware -n web-servers --ignore-not-found=true || true
|
||
kubectl apply -f /tmp/application-crd.yaml
|